BASF

BASF, also known as Badische Anilin- und Soda-Fabrik, is headquartered in Germany. In early 2018, the company experienced a significant cybersecurity incident involving the Winnti malware. This sophisticated attack was attributed to a Chinese state-aligned hacking group known for conducting long-term corporate espionage operations. The attackers gained initial access to BASF's networks primarily through phishing emails directed at human resources personnel. Once inside, they established persistent footholds, enabling them to maintain access over extended periods for the purpose of exfiltrating sensitive corporate data.

The Winnti malware employed in the compromise provided attackers with remote administration capabilities across both Windows and Linux operating systems within BASF's environment. To deepen their access and evade detection, the attackers modified commonly used software applications on compromised systems. This incident was not isolated; BASF was one of several major international corporations targeted in the same broader campaign. Other affected entities included prominent German industrial and chemical firms such as Siemens and Henkel, alongside companies operating in Switzerland, the United States, Japan, and Indonesia. While some victims detected the intrusion relatively early, the widespread nature of the compromises strongly suggested the attackers successfully conducted extensive data harvesting operations against BASF and the other targeted organizations.